MockQuestions

Trend Micro Mock Interview

How will you detect an incident or data breach, and what steps do you take to prevent it from happening?

      How to Answer

      There are many software and hardware detection systems on the market that help prevent incidents and data breaches. Hiring managers will ask situational questions about detection and how they start. Explaining to the manager that organizations need to change their mindset about how detection is addressed will definitely give you points in the interview. Furthermore, cyber experts should be able to articulate the procedures involved in tracking an intruder and where most companies fail with their detection systems. Don't be shy; tell the manager how much you enjoy your work, and how proud you are of setting up and maintaining an environment that has 0% intrusion as a direct result of your security strategy and vision.

      Written by Tom Dushaj on March 7th, 2019

      1st Answer Example

      "An incident can happen at any time without warning, so being ready is critically important. I strongly believe that every company should have a plan B for attacks that take place without warning. Once a hacker gains access to a system, there are two main directives that they pursue: doing reconnaissance and exploring to understand the system. Their next steps are to find assets (data) and how to access them, all while acting in stealth mode in the system. This is where I would be able to detect their movements and track activity."

      Written by Tom Dushaj on March 7th, 2019

      2nd Answer Example

      "The trick is having a strong detection system that finds an attacker early in the process to thwart or minimize data theft or other significant damage. In order to find an active attacker, there are two challenges that must be addressed and solved:

      1) You need to change your approach on what you look for and how you identify them
      2) Look at full network activity, rather than limited packet routing

      I find that the whole mindset has to change, because identifying an active attacker through the typical process of pre-defined signatures, entry behaviors, and other signs isn't the most efficient way of protecting your systems. These hackers are meticulous, and follow a step-by-step campaign to gain entry."